Catching the Bad Guys
Cloud security is a hard problem, but an even harder one is cloud security at scale. In recent years we’ve seen several cloud-focused data breaches, and evidence shows that threat actors are becoming more advanced in their techniques, goals, and tooling. With 2021 set to be a new high for the number of data breaches, it was plainly evident that we needed to evolve how we approach our cloud infrastructure security strategy.
In 2020, we decided to reinvent how we handle cloud security findings by redefining how we write and respond to cloud detections. We knew that, given our scale, we needed to rely heavily on automation and to build our solutions on battle-tested, scalable infrastructure.
Introducing Snare
Snare is our Detection, Enrichment, and Response platform for handling cloud-security-related findings at Netflix. Snare is responsible for receiving millions of records a minute, then analyzing, alerting on, and responding to them. Snare also provides a space for our security engineers to track what’s going on, drill down into various findings, follow their investigation flow, and ensure that findings reach their proper resolution. Snare can be broken down into the following parts: Detection, Enrichment, Reporting & Management, and Remediation.
Snare Finding Lifecycle
Snare was built from the ground up to be scalable enough to handle Netflix’s massive scale. We currently process tens of millions of log records every minute and analyze these events to perform in-house custom detections. We collect findings from a number of sources, including AWS Security Hub, AWS Config R...